“Most Wanted” man pleads guilty to cyberattack that rocked Vermont hospital

A Ukrainian man pleaded guilty in federal court Thursday for his leading role in two cyberattack programs that caused tens of millions of dollars in losses and temporarily paralyzed a Vermont hospital in 2020, according to the Justice Department .

Prosecutors said Vyacheslav Igorevich Penchukov, 37, was the leader of an organization that in May 2009 began infecting thousands of company computers with malicious software and that he helped conduct a separate malware scheme that began around November 2018.

Mr. Penchukov, of Donetsk, pleaded guilty in U.S. District Court in Nebraska to one count of conspiracy to commit a crime violating the Racketeer Influenced and Corrupt Organizations Act and to one count of conspiracy to commit wire fraud. He was arrested in Switzerland in 2022 and was extradited to the United States in 2023. A lawyer could not be found for Mr. Penchukov because the court file was sealed.

The Department of Justice said so that Mr. Penchukov helped lead “a wide-ranging racketeering enterprise and conspiracy” that installed malicious software known as Zeus on thousands of company computers, starting in 2009. The malware allowed the company to collect information used to access online bank accounts, including passwords and personal identification numbers.

Mr. Penchukov and other members of the group then posed as employees of companies authorized to transfer money from the targeted accounts, causing millions of dollars in losses, according to the Justice Department.

The money was deposited into the accounts of residents in the United States and other countries, known as “money mules,” and those people then sent it to overseas accounts operated by Mr. Penchukov and other members of the group, according to the Justice Department.

Mr. Penchukov was charged with these crimes 2012 while he was still at large, according to an indictment made public in 2014.

On Thursday, Penchukov also pleaded guilty to his leading role in the separate malware scheme that ran from at least November 2018 to February 2021, according to federal prosecutors.

The malware, known as IcedID or Bokbot, was installed on computers to collect personal information from victims, including bank account credentials, and the data was used to steal from them, according to the Justice Department. IcedID also allowed cybercriminals to install additional malware on infected computers, including ransomware, which is used to lock digital information until the victim pays for its release.

The targets of these ransomware attacks included the University of Vermont Medical Center, which the Department of Justice said lost more than $30 million. A 2020 attack on the hospital “left the medical center unable to provide many critical services to patients for more than two weeks, creating a risk of death or serious bodily injury to patients,” the Justice Department said.

Workers at the University of Vermont Medical Center told the New York Times in November 2020 that the attack had forced the hospital to turn away hundreds of cancer patients and required staff to search through written documents to find important information .

In September 2023, the medical center’s president, Dr. Stephen Leffler, testified in the House of Representatives and said that the hospital did not have access to electronic medical records for 28 days due to the attack.

“We didn’t have the Internet” Dr. Leffler said. “We didn’t have phones. It has had an impact on radiological imaging and laboratory results.”

The hospital said in a statement that it was “proud of our team’s work in providing the best care possible while the investigation and restoration was ongoing.”

According to the Justice Department, Mr. Penchukov was also known as Vyacheslav Igoravich Andreev and Tank, an online nickname. He had been in the FBI The cyber most wanted list for almost a decade.

Mr. Penchukov’s sentencing is scheduled for May 9. He faces up to 20 years in prison on each charge.